dcrat | 7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7dd81613aa...09.exe

windows7-x64

7dd81613aa...09.exe

windows10-2004-x64

Sharing

General

Target

7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309.exe
Size

762KB
Sample

241001-nl7a2sxbkn
MD5

90b452d84800d6430baba6ef4a5b965d
SHA1

d0597496e9fe52aeae9b299af9c23934b15bc1c7
SHA256

7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309
SHA512

3f805f25b6ae57fdeecb0c29275e9aab0d6cefe8e7ca162bab21b1631a1641ecd93b78fecd64a42d34baab2f34ee34e1e6bf2df30e86b15a5847c4035179ab8c
SSDEEP

12288:rkYHTs61mU1+6hH5aFJeV/3iXPrQfkXmm1RhdLB9XKynVwGQIgNa61+:rkYHTv5dIFJeVDE2a61+

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309.exe

Resource

win7-20240903-en

dcrat discovery infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309.exe

Resource

win10v2004-20240802-en

dcrat discovery infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309.exe
- Size
  
  762KB
- MD5
  
  90b452d84800d6430baba6ef4a5b965d
- SHA1
  
  d0597496e9fe52aeae9b299af9c23934b15bc1c7
- SHA256
  
  7dd81613aae4d5f9046abccef050357e6ce1066e10a1b1b98de231dcded90309
- SHA512
  
  3f805f25b6ae57fdeecb0c29275e9aab0d6cefe8e7ca162bab21b1631a1641ecd93b78fecd64a42d34baab2f34ee34e1e6bf2df30e86b15a5847c4035179ab8c
- SSDEEP
  
  12288:rkYHTs61mU1+6hH5aFJeV/3iXPrQfkXmm1RhdLB9XKynVwGQIgNa61+:rkYHTv5dIFJeVDE2a61+
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy